Microsoft is reminding the Australian federal government that it has problems with a legislation proposal for security infrastructure changes. Specifically, Microsoft believes some of the aspects of the Bill could make Australia less secure. In recent years, the country has been taking an increasingly strict position against cybersecurity.
Known as the Security Legislation Amendment (Critical Infrastructure) Bill 2020, the draft legislation from the Department of Home Affairs wants to make amendments to the Security of Critical Infrastructure Act 2018.
Minister for Home Affairs Peter Dutton believes the proposal improves the 2018 act by creating “an enhanced framework to uplift the security and resilience of Australia's critical infrastructure”. In other words, the reach of the 2018 Act would extend to more sectors, such as communications, data and cloud, food and grocery, defence, research, health, transport, and higher education.
It has been before Parliament since December 2020 and if passed would force critical infrastructure organizations to fulfil certain security obligations. For example, it would include mandatory reporting to the Australian Signals Directorate (ASD). Furthermore, companies with close links to government and infrastructure security, such as cloud providers, would have added cybersecurity obligations.
Microsoft Speaks Out
Microsoft is a noted critic of the Bill and has now submitted its concerns to the Parliamentary Joint Committee on Intelligence and Security (PJCIS). The company says government intervention is not needed and goes against the goals of the proposal:
“Microsoft has significant concerns about this authority … we believe that a policy allowing for direct governmental intervention would undermine the government's objectives of defence and recovery,” the company writes.
“Rather, in many cases, it is the individual organisations themselves, and not the government, that are best positioned to determine how to appropriately respond to and mitigate the impact of cyber incidents.
“It would take a preclusive amount of time for the government to come into a live incident, properly understand the fact pattern, the technologies in play and the challenges of any decisions, and then be able to direct an appropriate response.”
One of Microsoft's chief concerns is the government would be forcing obligations without understanding how certain resources function.
“As such, the danger of having a government direct a private sector entity's response without complete knowledge of the situation and the technology cannot be understated,” Microsoft adds.
“Moreover, individual organisations are not only best positioned to respond; they also have as equal an incentive as the government to protect their own networks and maintain the trust of their customers.”
Some of Microsoft's biggest cloud rivals, including Salesforce and Amazon Web Services (AWS), have taken a similar stance against the proposed legislation.
Tip of the day:
Do you know the built-in repair tools SFC and DISM of Windows 10? With many problems they can get you back on track without loosing data and using third-party programs. In out tutorial we show you how to use them.